Risk Management in the Nonprofit Sector (2025) Step 1 of 8 12% Welcome and thank you for your interest in our survey!What type of organization do you work for? Nonprofit organization Something else Thank you for your interest! Since this survey is only for nonprofits, we do not need your answers at this time. Stay tuned for the survey results, which will be published in an upcoming issue of the RISK eNews. Your Nonprofit's Risk Management Goals and PrioritiesWhat is the primary goal of risk management at your nonprofit? Ensuring compliance (e.g., compliance with laws, financial controls, workplace policies, etc.) Improving decision-making (i.e., assessing risk to inform the day-to-day decisions we make as individual team members and/or an organization) Informing strategy (i.e., our board and/or executive team focus on taking risks to advance our nonprofit's mission) Preventing injury/harm (e.g., harm to clients, staff members, volunteers, etc.) Other (please specify) Please describe primary goal of risk management at your nonprofit below:Are you planning to reorganize or re-prioritize your nonprofit's risk management approach during the next 12 months?Select your choice.Yes, definitely within the next 12 months.Yes, but over a longer timeframe (within the next 3 years).No.Choose the answers that best describe how your nonprofit will reorganize or evolve your approach to risk management. We are forming (or re-starting) a Risk Management Committee. We are planning to hire one or more new staff members with risk responsibilities. We are exploring ways to engage with our Board/Board Committees around the risks we face. We are hoping to revise our approach to conducting a periodic Risk Assessment. We are planning to take a fresh look at how our risk function and activities are structured. We are hoping to broaden our approach to include areas or teams that haven't typically been involved. Other (please specify) Please describe how your nonprofit will reorganize or evolve your approach to risk management. Risk Management Responsibility at Your NonprofitWho is responsible for risk management at your nonprofit? (Check all that apply) One person (e.g., Risk Manager, Director of Safety, CFO, etc.) A staff-level team or committee An executive-level team or committee The board (e.g., risk governance has been assigned to a specific board committee) No one is assigned to handle risk management I don't know Other Describe who is responsible for risk management at your nonprofitWhat is the primary role of the individual or team you indicated was responsible for risk management at your nonprofit? Identifying, assessing, and managing risks Educating other teams/team members about the discipline of risk management Internal audit or other forms of audit Insurance program governance Reporting to constituents (e.g., board, executives, funders) about your organization's risks and risk management efforts Managing Risks at Your NonprofitRate your level of satisfaction with your organization's management of your top risks.Select your rating.High. We devote adequate time to understanding our top risks, and designing and implementing strategies to manage those risks.Medium. We devote adequate time to understanding and managing some, but not all of our priority risks.Low. We generally do not devote enough time to understanding and managing our top risks.Review the three types of risks described below. For each type of risk, select from the drop-down the rating that best describes your organization's risk management capabilities with respect to that risk type.Preventable RisksUndesirable future events, whose likelihood and potential impact can be managed through compliance efforts, such as changes in program design, policy, training, etc.Select your rating.Very EffectiveSomewhat EffectiveNot EffectiveStrategic RisksThe nonprofit's 'big bets' - risks it willingly takes to achieve its missionSelect your rating.Very EffectiveSomewhat EffectiveNot EffectiveExternal RisksRisks the nonprofit is unable to prevent, such as natural disasters or criminal acts by third parties; risk management emphasis is generally on developing contingency and crisis management plansSelect your rating.Very EffectiveSomewhat EffectiveNot EffectiveDoes your nonprofit have a written risk management plan describing your goals, critical risks, and assignment of responsibility?Select your choice.YesNoI don't know Challenges and Successes in Risk ManagementThe next two questions will allow you to identify the top challenges that make it hard for your nonprofit to practice or strengthen risk management.Select the #1 challenge that makes it hard for your nonprofit to practice or strengthen risk management:Select your #1 challenge.TimeFunding/resourcesNumber of staffLimited risk management knowledge/experienceLack of interest in risk managementCultural barriers (e.g., fear of reporting risks)OtherSelect the #2 challenge that makes it hard for your nonprofit to practice or strengthen risk management:Select your #2 challenge.TimeFunding/resourcesNumber of staffLimited risk management knowledge/experienceLack of interest in risk managementCultural barriers (e.g., fear of reporting risks)OtherIn one or both of the answers above, you selected "Other." Please describe your #1 and/or #2 challengesSelect the ways that understanding your risks has supported your nonprofit's mission or goals. We make more informed decisions. We are better prepared for emergencies. We take more risks that advance our programs and mission. We remain resilient after a crisis occurs. We are better able to candidly discuss challenges and concerns in the workplace. Other (please specify) Please describe how understanding your risks has supported your nonprofit's mission or goals. Your Board and RiskTo what degree do you believe that the board, management, and front-line staff share the same risk appetite?Risk appetite refers to the type and amount of risks your organization believes is necessary to advance its mission. There are major differences in the risk appetites of these constituents. There may be nuances in how these constituent groups perceive risk, but no major differences. All of these constituents seem to be aligned with regard to our risk appetite. I don't know. Which of the following most closely resembles your model for risk reporting and governance? Staff report on risk issues to one or more senior managers, who in turn report to the CEO, who reports to the Board. Staff report to a risk governance committee (e.g., Audit Committee, Risk Committee, etc. ) who in turn reports to the Board. Staff report to a senior leader, who in turns reports to a risk governance committee, who in turn reports to the board. Risk reporting stays at the staff level only. We don't report on our risks, and therefore there is no governance. How often does the Board of Directors at your nonprofit talk about risk or risk management?Select the frequency.Every meeting.More than once per year, but not every meeting.Once per year.Never.I don't know.Has your Board of Directors recently become more interested in risk management?Select your choice.Our board is significantly more interested in risk management.Our board's interest in risk management has not changed.Our board is less interested in risk management.I don't know.Does your Board, or Board committee with a risk governance role...Review and approve your nonprofit's risk framework.Select your response.YesNoNot applicableDiscuss the concept of organizational risk appetite.Select your response.YesNoNot applicableApprove a statement or policy on risk appetite.Select your response.YesNoNot applicableHelp establish and embed a risk-aware culture by promoting open discussions regarding risk.Select your response.YesNoNot applicableMonitor new and emerging risks.Select your response.YesNoNot applicableUse a risk lens in the review and discussion of strategic choices, decisions, or priorities.Select your response.YesNoNot applicable About Your Nonprofit - DemographicsWhich of the following best describes your role?Please select your role.Board memberChief Executive Officer/President/Executive Director (CEO)Chief Financial Officer (CFO)Chief Operating Officer (COO)Chief Technology Officer (CTO)Chief Risk Officer/Risk Manager (CRO)Director of Human ResourcesDirector of ComplianceProgram DirectorLegal Counsel/General CounselVolunteerOther staff roleOther (please specify)Please describe your role.Please select the category that corresponds to total operating expenses at your nonprofit for the most recent fiscal year.Select your operating expenses.Less than $500,000$500,000 - $999,999$1 Million - $10 Million$11 Million - $25 Million$26 Million - $100 MillionMore than $100 MillionPlease choose the category below that is the closest match to your nonprofit's mission or the types of programs you offer.Please select your category.AdvocacyArts or cultureEducation and/or researchEnvironmental issuesGrantmaker/PhilanthropyHealth servicesHuman or social servicesInternational aid, relief or servicesSports or recreationReligious (church or faith-based organization)Professional associationTrade associationFinancial services organizationHuman rightsAnimal rights, animal rescueManagement assistance organizationOther (please specify)Please describe your nonprofit's mission/services type.Please select the staff size category that best describes your nonprofit (please count employees, not volunteers, and include employees in all locations).Please select your staff size.No paid employees10 or fewer employees11-99 employees100-999 employees1000+ employeesIf you’d like to speak with us to provide additional input, please share your email in the space below and we will be in touch!Name First Last Email